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(57) Abstract 



The present lnv«ition teaching a method of generating a plurality of random numbers is disclosed, TTic method cwnpriscs the uuual 
step of generating chaotic noise. SubsequcnUy. the chaotic noise is sampled such that a plurality of samples are created. Each swnple of ffic 
phiality of samples is then converted Into digital data such that each converted sample coiresponds with a random number of the plurality 
of random numbers. 
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A METHOD OF GENERATING 
SECRET IDENTIFICATION NUMBERS 



FTPT n nv TTTF TNTVPNTTON 

The present invention relates to cryptography, and more particularly to a process 
and system for generating random numbers based on chaos. 

5 

ftArTCnROTIND OF THE INVENTION 

Pseudo-random number generators are well known in the cryptographic sciences. 

10 Cryptography is defined as the art and science of preventing eavesdroppers from 
understanding the meaning of intercepted messages. In such security minded 
applications, pseudo-random as well as truly random nimiber generators can be used 
to support the encryption and decryption of information. These number generators are 
commonly employed for two separate purposes: 1) to generate "secret key" 

15 information to be used as either a shared secret key or public +private key set for 
cryptographic encoding and decoding of information, and 2) to generate a stream of 
numbers that is used to obscure message contents. 

In a secret key application, a small set of secret numbers is used as a 
20 cryptographic key for encoding as well as decoding messages. It is vitally important 
that this key not be known by unauthorized parties, nor discernible via cryptanalysis to 
unauthorized parties based on knowledge of messages. Thus, it is desirable to use a 
,1 sequence of apparently random numbers in order to manufacture a plurality of secret 
keys. We define an "apparently random" number as a number within a sequence of 
25 numbers such that there is no practicable way to reconstruct that particular number's 



wo 97/11423 



PCT/US96/15211 



value nor substantially narrow the set of possible values of that particular number, even 
given access to the algorithms, equipment, and all other numbers in the sequence. 

An inexpensive manufacturing process for secret keys poses special requirements 
on generating random or pseudo-random numbers. In particular: 

1) Only widely available off-the-shelf equipment may be used in order to 
minimize procurement, maintenance, and repair costs; 

2) It must not be possible to reproduce the sequence of numbers used to 
create the secret keys, and even by the manufacturer while in full 
possession of all equipment and algorithms used in the process; and 

3) There must be a guarantee of no duplicate secret keys ever being 
generated and, at the same time, no record of the actual key values may 
be retained by the manufacturer. 

The crux of the manufacturing process is inexpensively creating a stream of 
apparently random numbers. This description concentrates on the application of 
generating apparently random numbers for "secret key" creation, with the 
understanding that the disciission ai^Ues equally to gaieratmg any stream of apparently 
random numbers, such as that used by traditional one-time padA^emam cypher 
encryption techniques. 

A traditional way to create apparently random numbers in low-security 
applications is to \ise pseudo-random number generators. Pseudo-random nimibers are 
created using a deterministic algorithm. The goal of an ordinary pseudo-random 
number generator is to produce a sequence of apparently random numbers, assmning 
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that any potential adversary has neither access nor desire to understand the generating 
algorithm. Pseudo-random numbers can serve as an approximation to truly random 
numbers for a limited set of pxirposes, and are conmionly available used in simulations 
and games. Typical pseudo-random number generators are based on linear feedback 
5 shift registers or linear congruential generators (often hnplemented in software). Given 
the algorithm and current state (e.g., values of computer software variables), pseudo- 
random number generator ou^ut can be exactly replicated. Because this information 
may be obtamed by inspecting oi^ or a few values m a sequence, ordinary pseudo* 
random number generators are unsuitable for our puiposes. 

10 

Cryptographically secure pseudo-random number generators are special pseudo- 
random number generators that have been designed to resist attempts to determine the 
current state via examination of the generated random niunber stream. They typically 
assume that the adversary has complete access to the algorithm, but not to the current 

15 state values. Such ger^rators are, however, deterministic. Therefore, if security of the 
current state is breached by cryptanalysis or other method, all numbers created by the 
geKrator in the future (and, in many designs, the past) may be deduced. Work in this 
field has traditionally assumed that the legitimate owner of the generator can be trusted 
not to reveal or exploit knowledge of the current generator state. However, a defecting 

20 employee or industrial espionage may compromise a cryptographically secure 
generator, so it is unsuitable for our purposes. 

A "truly random" sequence of numbers is one in which there is a theoretical 
basis for stating that no mathematical nor scientific method can predict the next number 
25 in the sequence given an arbitrarily long past history of the sequence behavior. In 
particular, there is absolutely no pattern, correlation, nor dependency between numbers 
in the sequence other than chance patterns. Generation of truly random sequences 
typically requires physical measurement of quantum mechanical uncertainty such as 
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radioactive decay. While truly random numbers perfect for use as apparently random 
numbers, measurement equipment of this sort is not readily available. Also, there is 
a low probability, but no guarantee, against subsequences of random numbers 
repeating. 

"Chaotically** generated numbers can be created by repeated experimental trials 
using a chaotic system with quantized outcomes, such as a coin or set of dice. In a 
chaotic system, outcomes vary gready and nonlinearly according to minute variations 
of initial e?q>erimental conditions. Therefore small sources of experimental error that 
are inevitably present in the physical world are magnified to the point that it is 
impracticable to correlate system outputs (numbers) with available measurements of 
system inputs (initial conditions). Generating large volumes of chaotic experimental 
results has in the past required special-purpose hardware such as a nonlinear oscillator, 
which is not readily available. Furthermore, there is no guarantee that chaotically 
generated random numbers will not repeat due to either chance or unexpected biases 
within the experimental apparatus. 

One approach to generate apparently random number generators has been to 
utilize deterministic mathematical algorithms that compute simulations of chaotic 
systems. Because such simulations are computed using exactly specified numbers 
representing initial conditions, the source of apparent randomness due to minute 
variation of initial conditions is lost when performing simulations instead of physical 
experiments. Therefore, these approaches are deterministic and therefore vulnerable 
and subject to attack and compromise if the particular chaotic formula being used 
becomes known (for example, by examining the relevant patent) or deduced by 
cryptanalysis. Similarly, several pseudo-random number generators are known to be 
based on algorithmic-based recursion formulas, and are also subject to compromise. 
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Often, strategies employed in pseudorandom number generator designs have 
relied upon specialized digital hardware. One such method uses a linear feedback shift 
register ("LFSR") for obtaining an n-bit pseudo-random number by serially shifting out 
n bits from the shift register or shift register chain during a substantially long period 
outside the purview of potential eavesdroppers. For example, a sixty-four (64) bit 
maximal length LFSR running at a clocked fi-equency of 1 MHz could be sampled 
every few seconds to approximate a random number stream and be guaranteed not 
repeat to itself for 585,000 years. However, the LFSR approach is still deterministic. 
As such, as all ftiture and past states can be predicted when the present state of the shift 
register is known. For example, purchase and reverse-engineering of a single 
manufactured unit to d^ermine its secret key value would allow intelligent guessing of 
the values of other units manufacmred in the same or proximate batches. 

As a result of these problems and in view of the growth of cryptographic 
applications, a demand exists for a random number generator which is not 
deterministic, can be implemented with commonly available equipment, and which is 
guaranteed not to generate duplicate secret keys. A need fiirther exists for such a 
random number gererator from which results caimot be duplicated, even by the 
designer or secret key manufacturer. 

For the remainder of this document, we shall use the unqualified term "random 
number" to denote an apparently random number. While it is understood that truly 
random number generation is not being discussed, apparently random numbers are 
considered "random" for our purposes. 
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nTSri nCTTOF of THK nsJVFMTTriM 

The primary advantage of the present invention is to overcome the limitations 
of the prior art. 

5 

Another advantage of the present invention is to provide a method and system 
for generating a number stream that, using the most advanced cryptanalytic and 
statistical methods available, is indistinguishable from a truly random number stream. 

10 Another advantage of the present invention is to provide a method and system 

for generating random numbers which is non-deterministic. 

Another advantage of the present invention is to provide a method and system 
for guaranteeing that no particular subsequence of random numbers or derivative value 
15 is used twice while at the same time eliminating vulnerabilities associated with keeping 
records of values generated. 

A further advantage of the present invention is to provide a method and system 
for generating random numbers which is immime to attack and compromise, even from 
20 the manufacturer of the random numbers. 

Yet still another advantage of the present invention is to provide a method aiKl 
system for graerating random numbers which utilizes the apparently random nature of 
chaotic systems generally. 

25 

In order to achieve the advantages of the present invention, a method of 
generating a plurality of random numbers is disclosed. The method comprises the 
initial step of generating chaotic noise. Subsequently, the chaotic noise is sampled such 
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that a plurality of sanq)les arc created. Each sample of the plurality of samples is then 
converted into digital data such that each converted sample corresponds with a random 
number of the plurality of random numbers. In an alternate embodiment of the present 
invention, a plurality of samples correspond with a single random number. 

5 

Furthermore, a system of generating a plurality of random numbers is also 
disclosed. The system ecanprises a chaotic noise generator for generating chaotic noise, 
and a recording device for sampling the chaotic noise such that a plurality of samples 
are created. Moreover, a digitizer is mcorporated for converting each sample of the 
10 plurality into digital data such that each converted sample of the plurality corresponds 
with a random number of the plurality of random numbers. In an alternate embodiment 
of the present invention, a plurality of samples correspond wifli a single raiKlom 
number. 

15 These and other advantages and objects will become apparent to those skilled in 

the art from the following detailed description read in conjunction with the appended 
claims and the drawings attached hereto. 



20 ttttfPF DRSPPTPTTON O F THF HRAWINGS 

The present mvention will be better understood from reading the following 
description of non-limitative embodiments, with reference to the attached drawings, 
wherem below: 



25 



Figures 1 illustrates a block diagram of the preferred embodiment of the present 
invention; 
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Figure 2 illustrates a high-level overview flowchart of the preferred embodiment 
of the present invention; 

Figure 3 illustrates a more detailed flowchart of the first several steps of the 
5 preferred embodiment of the present invention; and 

Figure 4 illustrates a more detailed flowchart of the remaining steps of the 
preferred embodiment of the present invention. 

10 It should be emphasized that the drawings of the instant application are not to 

scale but are merely schematic rq>resentations and are not intended to portray the 
specific parameters or the structural details of the invention, which can be determined 
by one of skill in the art by examination of the information herein. 

15 

DFTATT RH nF5;^1^TPTT^^I OF THF TNVFMTTOM 

Referring to Figure 1, a block diagram of the preferred embodiment of the 
present invention is illustrated depicting a system 5 for generating a plurality for 

20 random numbers. As will become evident upon understanding the present disclosure, 
and the preferred raibodiment particularly, system S randomly generates a sequence of 
secret identification nimibers, hereinafter referred to as "IDs." Each ID generated is 
associated with a fob of a remote keyless entry system. To improve and ensure the 
security of such an entry system, cryptographic security is incorporated to substantially 

25 restrict the opportunity to compromise any random ID generated by system 5. 

To realize the aim of generating random IDs, system 5 comprises a chaotic noise 
■ source 10 for generating chaotic noise. In one embodiment, chaotic noise source 10 
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comprises an electromechanical generator for generating turbulent air flow. Turbulent 
air flow comprises characteristics that may be classified as randomly occurring in 
nature, as opposed to those elements having a pseudo randomness resulting from 
simulated chaos created by deterministic mathematics. In the preferred embodiment 
5 of the present invention, the turbulent air flow output of the chaotic noise generator 10 
is generated by a small, high-air-volume, generically "noisy" fan because it provides 
turbulent air flow and creates noise that is inherently chaotic. It should be apparent that 
a spectrally pure noise source, such as a pure sinusoidal tone, is highly undesirable. 

10 System 5 further comprises a recording device 15 for capturing the unique 

spatial perspective of the recording device IS. Recording device IS records the chaotic 
noise output gei^rated by chaotic noise source 10, as well as the ambient noise and any 
other extraneous sounds, such as fan motor noise, uniquely present at its particular 
spatial coordinates. In the preferred embodiment, recording device 15 comprises a 

15 microphone positioned in reasonably proximate distaiice to the chaotic noise source 10 
for recording the air flow around the microphone. It should be apparent to one of 
ordinary skill in the art that the relevant amplitudes of the sounds and noises recorded 
by recording device 15 when combined with self-noise from turbulent air flow over and 
around recording device 15, are unique, and as such, may not be reproduced as the 

20 coordinates of the device 15 are inhabited by only one spatial element. 

Once the chaotic noise generated by source 10 is recorded by device 15, the 
resultant recorded sound is fed into a computer 20, and more particularly sampler and 
digitizer 25. Sampler and digitizer 25 performs two functions. First, sampler and 
25 digitizer 25 samples the resultant recorded sound recorded by recording device 15 at 
a predetermined firequency . In the preferred embodiment, the predetermined frequency 
is lower than the operating frequency of the fan generating the turbulent chaotic noise. 
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As a result of sampling the recorded sound, sampler and digitizer 25 generates 
a plurality of samples. The plurality of samples are then digitized by an analog to 
digital converter, such that each sample is converted into a digital data set, which in one 
embodiment comprises 8 bits. In the preferred embodiment of the present invention, 
5 both functions of sampler and digitizer 25 are realized by a personal computer ("PC") 
sound card, such as for example the Sound Blaster^ AWE 32 sound card. 

Moreover, system 5 additionally comprises a microprocessor/ microcontroller 
35 and a memory 30. Microprocessor 35 performs a series of algorithmic functions 
10 stored in memory 30 for obscuring the random nimibers generated, insuring the 
randomness of the random ntmibers generated, encrypting the random numbers to 
prevent reverse engineering, as well as reducing correlations between samples. As a 
result of performing these algorithmic functions, as overviewed in Figure 2, a random 
number output is generated. 

15 

It should also be apparent to one of ordinary skill in the art that while these 
algorithmic functions are detailed as being performed serially by a microprocessor, 
several may be performed in some parallel manner. Likewise, the order for which 
these fimcdons may be performed may be variously arranged. However, it should be 
20 to one of ordinary skill that either of these options presents diminished and/or 
substandard random number generation. 

Referring to Figure 3, the detailed steps of the preferred embodiment for 
generating a stream of apparently random numbers. The first function performed by 
25 microprocessor 35 is the algorithmic step of shuffling each data set. Upon receiving 
a digital data set of each converted san^le, microprocessor 35 positions the digital data 
set into a data array 32 - which in the preferred embodiment is 8 Kbytes in size -using 
a stride for obscuring sampling correlations between converted samples. It is known 

-10- 
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that data input into sequential array bytes may result in data correlations between 
adjacent bytes as source may be sampled at a speed much slower than the Nyquist 
frequency of 2 times the dominant frequency components. As such, to obscure these 
correlations, the data is scattered through array 32 as it is collected. It should be noted 
5 that while the data may also be scattered after collection is convicted, such an approach 
would be less efficient. 

In the preferred embodiment, array 32 comprises a width and the stride having 
a size such that the width and the size are relatively prime. Nonetheless, the scattering 

10 function of sfaufRing each digital data set is accomplished by incrementing the memory 
array address by a number relatively prime to array size with wrap around for each 
sanq)led data set. Using a number relatively prime to the array size ensures dial each 
array element receive precisely one data point. As such, the prime stride is selected 
to be approximately the square root of the array size for maximum dispersal of data 

15 points. It is also preferred that the dominant frequencies of chaotic noise source 10 be 
distinct from the frequency at which the address for filling array 32 wraps around. 

Additionally, microprocessor 35 performs the additional algorithmic step of 
compressing each data set m order to "distill" the chaotic noise content. The portion 

20 of the information content, or entropy, in the data stream is generally less than the 
number of raw data bits associated with each data bit set. By compressing the data bits 
associated with each data bit set, the data is "squeezed" into a smaller space by 
transforming the raw data stream into a data stream that is closer, m size to the 
theoretical minimtim based on information entropy. As completely random data has 

25 entropy of one bit of entropy per bit of data, compressed data is a preferred 
approximation of randomness when compared with non-compressed data. Thus, 
compressing data prior to performing subsequent encryption is preferred as it hampers 
attacks based on data frequency analysis. 
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In the preferred embodiment, each digital data set has been shuffled prior to 
executing the compressing step. By performing compression on each digital data set, 
each number in the resultant compressed data set is a random number within a 
predetermined set of numbers that has an equal probability of being generated by 
5 system 5. Various compression techniques are known to one of ordinary skill in the 
art, such as for example PKZIP compression and UNIX compression, though Hufbnan 
encoding is preferred. Hufbnan encoding entails a byte by byte compression technique 
wherein the number of occurrences in the 8 Kbyte data iiq)ut set of byte values from 
0 to 255 is tallied. Each byte value is assigned a bit string, with shorter strings 

10 assigned to more frequent byte values. In the event all 256 values of the 8 bit mput 
occur with equal probability, the data is unaffected. However, as is much more likely 
the case, in the event that the probability distribution of inputs is nonuniform, the 
Huf&nan encoding process substitutes a sequence of varying length bit streams for the 
array of byte values. It should be apparent to one of ordinary skill in the art that as the 

15 lengths of the bit strings vary in relation with the input byte probability distribution, 
nimierous output byte values exist irrespective of the repetition of the sequence of input 
byte values due to undesirable correlations. As such, Huffman encoding is the 
preferred compression technique. 

20 A third algorithmic step performed by microprocessor 35 is one way encrypting 

data set. To insure against compromise by prediction techniques, each compressed 
sample is one way encrypted. The step of one way encryption is performed for two 
essential reasons. First, encrypting the input bits insures the randomness of the 
resultant numbers generated by system 5. Second, performing a one way encryption 

25 step frustrates attempts to sample the random data stream for extrapolating other 
generated values based on attempts to model fan noise. 

-12- 
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In the preferred embodiment, the one way encryption technique of choice is 
MD-5. This selection is based on several factors, including the fact that MD-5 is a one 
way hash function with no cryptographic key requirements. MD-5 is inherently 
irreversible because it reduces a 64 byte input array to a 16 byte output array, making 
5 brute force attacks based on guessing inputs impractical; one of 4x10"^ inputs. As 
such, recovery of the original data stream is made impossible, even by the original 
encryptor. Moreover, MD-5 comprises a uniformly distributed probability of output 
bit values when given ic^ts with essentially any set of varying input vahies. It should 
be apparent, however, that the MD-5 approach may replaced by various other 
10 encryption methods in view of the instant disclosure, including MD-2 encryption, 

MD-4 encryption, SUA encryption, SNEFRU encryption, as well as other techniques 
apparent to one of ordinary skill in the art in view of die present invention. 

To further insure the randonmess of the numbers generated by system 5, in an 
15 alternate embodiment of the present invention, an additional algorithmic step is 
performed by microprocessor 35. Here, a portion of each compressed sample 
preferably, or in the alternative a portion of each data set are input to a logical 
exclusive OR C'XOR") gate 38 simultaneously witii an independentiy varying, 
guaranteed non-repeating value, preferably die date and time of day. The ou^ut of die 
20 XOR is then one way encrypted algorithmic step by microprocessor 35. In so doing, 
some variation is instituted in the input of die one way encryption algoridmi m die event 
an unintentionally repetitive data mput exists. As a point of illustration, it should be 
apparent to one of ordinary skill in die art diat shnply running die time of day or a 
counter output through an MD-5 encryption scheme would be vulnerable to attack by 
25 someone who knows die process and guesses die time of day while looking for a 
matching output. 

4 
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As a result of the hereinabove algorithmic steps, a one way encrypted random 
number output is generated by computer 20, and more particularly microprocessor 35. 
This output is comprises a stream of random byte values 64. Each random byte value 
comprises a uniform probability of distribution with respect to a predetermined range. 

In still a further embodiment of the present invention, duplicate encrypted 
random numbers of the random byte stream generated by computer 20 are eliminated 
to further ensure the security of the random numbers. Here, duplicate samples in the 
output of computer 20 are detected by means of a comparator 40 for comparing each 
of random number sanq>le with each odier random number sample. It should be noted 
that this may also achieved within computer 20. To effectively perform this function, 
comparator 40 comprises a memory 42 for storing the plurality of encrypted samples. 
Further, a discarding device or duplicate data dump 44 is also incorporated for 
discarding duplicates in the phuality of encrypted random numbers. It should be noted 
that while the input of comparator 40 is a plurality of one way encrypted, compressed 
and shuffled random numbers, the ouq)ut of comparator 40 comprises ntimber set that 
is not random, but rather numbers with specific mathematical properties which are 
selected at random. This ai^roach is of significance in the preferred applications of the 
instant invention wherein a unique secret identification nimiber is placed into a remote 
fob transmitter for a remote keyless entry automobile system. 

Referring to Figure 4, a flowchart of a method to convert the random byte values 
64 into ID values is illustrated. With a stream of random byte values generated, several 
additional steps may be performed to realize a secret identification value. This is of 
particular significance where a secret nimiber is required to uniquely identify a 
particular object, such as a keyless entry fob in the preferred embodiment, or a cellular 
phone for example. 
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The first step performed on the stream of random byte values involves a 
determination as to whether a secret identification number is needed. This is 
particularly of note in the preferred embodiment where fob transmitters are 
manufactured as part of a remote control keyless entry systems. Here, the fob 
5 programmer examines the present need for a secret identification number for 
downloading during production. In the event the programmer concludes the answer as 
being a negative, the random byte stream is discarded while new values are 
continuously generated. 

10 However, should the programmer ascertain that a secret identification number 

is required, the random bytes values generated are used as a basis for creating the 
number. This process of creating the secret identification number is realized by 
utilizing the random bit stream to select actual secret identification numbers. The secret 
identification values generated fell within tiiree categories: linear feedback shift register 

15 ("LFSR"), cyclic redundancy code (*'CRC"), and odier values. 

The LFSR values are selected to correspond with maximal length feedback 
polynomials. These are feedback terms that, when used in an LFSR, produce 
sequences that cycle through all possible values except zcto before repeating. Selection 
20 of both 20 bit and a 19 bit feedback terms is accomplished by using the random byte 
stream to randomly select an entry in a file with precomputed maximal length LFSR 
feedback terms. 

Similarly, the CRC values are selected to correspond to feedback polynomials 
25 that have a mixture of one and zero bits. The selection criteria used is that random 
bytes are employed for the feedback terms, but bytes having fewer than two "one" bits 
or fewer than two "zero** bits are discarded. Thus, each byte of the 39 bit CRC 
feedback polynomials is guaranteed to have no more than 6 bits of the same value. Of 

-15- 



wo ^/l 1423 



PCT/US96/15211 



course, the top polynomial bit is forced to ' T while the bit above that is set to '0' in 
view of the fact that the 39 bit polynomial is contained in a 40 bit set of bytes. Given 
that some byte values are discarded, there are (238**5)/4 or 190,908,292,792 possible 
values for the CRC feedback term, wherein the 5 represents the nimiber of bytes with 
238 possible values each, and the four corresponds with the number of constant values 
of the top two bits. 

As for the third category of secret identification values, the other values are 
selected by simply using the random byte stream values. In the case of initial LFSR 
values, a non-zero random value is required, rejecting all zeros. 

Thus, the feedback terms of a maximal length linear feedback shift register 
("LFSR") are randomly selected from a pre-computed list in a memory device. This 
resiilts from a 20 bit LFSR feedback and a 19 bit LFSR feedback arrangement. 
Moreover, a cyclic redundancy checking ("CRC") device subsequently screens 
feedback values using a 39 bit CRC feedback configuration such that each byte has at 
a least two logical 0 bits and two logical 1 bits. The remainder of the process involves 
selecting other data from the random byte stream as initial values. As a result, the 
output generated is a candidate 128 bit secret identification number. Prior to 
acceptance, it must be demonstrated to be unique with respect to all previously 
generated secret identification values. 

Once the secret identification nmnbers are selected responsive to the random 
bytes values, a secret identification digest is computed. As the first step of maintaining 
the uniqueness of all secret identification nimibers, a secure digest of the candidate 
secret identification number is computed. This digest comprises a 32 bit nimiber that 
is deterministically computed from the 128 bit identification number in such a way as 
to ensure knowledge of the 32 bit digest does not reveal any useful information about 
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the original secret identification number. As each distinct identification number can 
generate only one digest function, the uniqueness of the digest values are ensured which 
in turn assures the uniqueness of the identification values. And as a number of distinct 
secret identification numbers formulate the same digest values, it is thus difficult to 
infer which secret identification number caused any particular digest value to be 
generated. 

The secret identification digest may be realized by performing a 
cryptographically secure hash function. While the MD-5 encryption method is die 
preferable choice, MD-2, MEM, SHA. SNEFRU encryption processes, as weU as 
other techniques apparent to one of ordinary skill in the art in view of the present 
invention may also be employed. The 16 byte identification value is padded with zeros 
to form a 64 byte input. MD-5 then cwnputes a 128-bit result that is treated as four 32 
bit words which are XORed together to form a 32 bit resultant digest vahie. This digest 
value is uniformly distributed over the range of a 32 bit values. 

As a result of computing a secret identification digest, a bitmapped table of 
previously generated digest vahies may be checked for duplicates. It should be noted 
that the probabUity of an actual duplicate is vanishingly small. With no "twiddle 
factor," detailed as the value bit pattern 26 in U.S. Patent 5,398,284, commonly 
assigned with the present invention, the possible number of combinations equal the 
product of the number (256) of ID byte vahies, the count number (255) of LFSR 
initializer vahies, the count number (2048) of LFSR feedback values, the identification 
iBimber (8,355,840) of LF^ initializer vahies, die identification number (356,960) of 
LFSR feedback values, and flie number (190,908,292,792) of CRC feedback values, 
or 7.61 X lOe^* possible valid identification numbers. 
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For randomly generating values, an approximation to the expected number of 
identification numbers for which a single duplicate will be generated is approximately 
(2V)**'^, where Vis the total mmiber of possible of identification numbers. As 7.61 
x lOe^^ possible valid identification nxmibers exist, one duplicate is expected to be 
generated for every (2 x (7.61 x lOe^'))***^ or 1.23 x l6t secret identification 
numbers manufactured. Thus, where an identification number is generated once per 
second, one duplicate will be generated every 390 million years. 

However, human error, software bugs, and mechanical faihire must also be 
considered. Thus, a duplicate checking function is performed. By checking for 
dupUcates, a "collision" with previous digest values may be detected and discarded to 
insure against the possibility that two secret identification numbers are generated. This 
is realized by first comparing the digest value with a list of all previously generated 
digest values. Subsequently, new secret identification numbers having duplicate digest 
values are discarded. As such, identification numters generating a previously 
encountered digest value having a bitmapped table value of 1 are discarded. 

With potential diQ)licates discarded, tiie next identification number is input with 
a new digest value having a bitmap table value of 0. This unique resultant identification 
number then causes the bitmap table for the new digest value to be set to 1 , indicating 
that the new identification number has been issued. By doing so, the programmer may 
transfer the next secret identification number to the object requiring a secret number. 

Using the above process, a resultant secret identification number may be 
programmed into a fob transmitter in a remote keyless entry vehicular system. Once 
residing within the fob transmitter, a base receiver of the remote keyless entry vehicular 
system may be programmed with the secret identification number. By this 
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arrangement, the secret identification number is transmitted by means of the computer 
only a single time to insure against compromise as is well known in the art. 

While the particular invention has been described with reference to illustrative 
embodiments, this description is not meant to be constraed in a limiting sense. It is 
understood that although the present invention has been described in a preferred 
embodiment, various modifications of the illustrative embodiments, as well as 
additional embodunents of the invention, will be apparent to persons skilled m the art 
upon reference to this description without departing from the spirit of the invention, as 
recited in the clauns appended hereto. It is therefore contemplated that the appended 
claims wiU cover any such modifications or embodiments as fall within the true scope 
of the invention. 

All of the U.S. Patents cited herein are hereby incorporated by reference as if 
set forth in their entirety. 



-19- 



wo 97/11423 PCT/US96/1521 1 

WECT.AIM: 

1. A system for generating a plurality of random numbers, the system 
comprising: 

a chaotic noise geneirator for generating chaotic noise; 

a sampling device for sampling said chaotic noise such that a plurality of 
samples are created; 

a digitizer for converting each sanq>le of said plurality into a digital data set; 
and 

a computer for shuffling said digital data set of each converted sample of said 
plurality, for compressing said digital data set of each converted sample of 
said plurality, and for one way encrypting said digital data set of each 
converted sample of said plurality, such that each converted sample of said 
plurality corresponds with a random number of the plurality of random 
numbers. 

2. The system for generating a plurality of random numbers of claim 1 , wherein 
said computer comprises a data array for receiving said digital data set of each 
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converted sample of said plurality using a stride to reduce sampling correlations 
resulting from said sampling of said chaotic noise by said sampling device, said 
array comprising a width and said stride comprising a size, and said width and said 
size being a prime number. 

3. The system for generating a plurality of random numbers of claim 1 , wherein 
said computer further comprises: 

a comparing device for comparing each of said one way encrypted digital 
data sets of said converted samples of said plurality; and 

a discarding device for discarding a duplicate encrypted digital data set from 
each of said one way encrypted digital data sets. 

4. The system for generating a plurality of random numbers of claim 1 , wherein 
said computer comprises: 

a logical exclusive OR gate for exclusively ORing a unique perspective 
marker with said compressed digital data set of each converted sample of 
said plurality to insure the randomness of the plurality of random numbers. 
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5 . The system for generating a plurality of random numbers of claim 1 , wherein 
said chaotic noise generator for generating chaotic noise comprises an operating a 
fan for generating said turbulent air flow. 

6. The system for generating a plurality of random numbers of claun 1 , wherein 
said sampling device samples said chaotic noise at a lower frequency than said 
chaotic noise generator operates for generating said turbulent air flow. 

7. A method of generating a secret identification number from a random digital 
data stream, the method comprising the steps of: 

selecting a first group of bytes from the random digital data stream, said first 
group of bytes having a first numerical value; 

looking up a first maximal length LFSR feedback term from a list in 
response to said first numerical value; 

generating a cyclic redundancy code feedback term in response to filtering 
out predetermined values from a third group of bytes selected from said 
random digital data stream; and 
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forming the secret identification number from said first maximal length 
LFSR feedback term, said cyclic redundancy code feedback term, and a 
fourth group of bytes from said random digital data stream. 

8. The method of generating a secret identification number from a random 
digital data stream of claim 7, wherein said step of generating a cyclic redundancy 
code feedback term comprises the steps of: 

examining whether said cyclic redundajicy code feedback term comprises less 
than two "0" bits or "1" bits; and 

generating a replacement feedback term for said cyclic redundancy code 
feedback term if said cyclic redundancy code feedback term comprises less 
than two "0" bits or "1" bits. 

9. The method of generating a secret identification number from a random 
digital dau stream of claim 7, further comprising the steps of: 

selecting a second group of bytes from the random digital data stream, said 
second group of bytes having a second numerical value; and 
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looking up a second maximal length LFSR feedback term from a list in 
response to said second numerical value such that said secret identification 
number is formed from said first and second maximal length LFSR feedback 
ternia, said cyclic redundancy code feedback term, and a fourth group of 
bytes from said random digital data stream. 

10. The method of generating a secret identification niunber from a random 
digital data stream of claim 9, further comprising the steps of: 

repeating the steps of randomly selecting a first and a second group of bytes, 
looking up a first maximal length LFSR feedback term, looking up a second 
maximal length LFSR feedback term, generating a cyclic redundancy code 
feedback term, N times to create N secret identification numbers; 

one way encrypting each of said N secret identification numbers; 

computing a secure digest for each one way encrypted secret identification 
number of said N secret identification numbers; 

comparing each one way encrypted secret identification number of said N 
secret identification numbers with each other one way encrypted secret 
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identification number of said N secret identification numbers within said 
digest; and 



discarding each one way encrypted secret identification number of said 
multiplicity within said digest when two identical compressed one way 
encrypted secret identification number are discovered. 

11. A method for generating a multiplicity of random mmibers, the method 
comprising the steps of: 



generating chaotic noise; 



sampling said chaotic noise such that a plurality of samples are created; 

converting said plurality of samples into a random digital data stream; and 

forming the multiplicity of random numbers from said random digital data 
stream. 
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12. The method for generating a multiplicity of random numbers of claim 11, 
wherein said step of forming the multiplicity of random numbers comprises the step 
of: 

shuffling said plurality of converted samples to obscure correlations between 
the multiplicity of random numbers. 

13. The process for generating a multiplicity of secure random numbers of 
claim 12, wherein said step of shuffling said digital data set comprises the step of: 

positioning each converted sample of said plurality into a data array using a 
stride to reduce sampling correlations resuhing from said sampling of said 
chaotic noise. 

14. The process for generating a multiplicity of secure random numbers of 
claim 13, wherein said array comprises a width, said stride comprises a size, said 
width and said size being a prime number. 
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15. The method for generating a multiplicity of random numbers of claim 11, 
wherein said step of forming the multiplicity of random numbers comprises the step 
of: 

compressing said plurality of converted samples such that each random 
number of the multiplicity has an equal probability of being generated. 

16. The method for generating a multiplicity of random numbers of claim 11, 
wherein said step of forming the multiplicity of random numbers comprises: 

one way encrypting said plurality of converted samples to prevent sampling 
the random digital data stream for extrapolating other generated values based 
on modeling said generated chaotic noise. 

17. The method for generating a multiplicity of random numbers of claim 16, 
further comprising the steps of: 

examining said one way encrypted plurality of converted samples for 
duplicate converted samples; and 

discarding said duplicate one way encrypted converted samples. 
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18. The method for generating a multiplicity of random numbers of claim 16, 
further comprising the step of: 



exclusively ORing an independent perspective marker with said compressed 
pluraliQr of converted samples to insure the randomness of the multiplicity 
of random numbers. 

19. The method for generating a multiplicity of random nmnbers of claim 1 1 , 
wherein said step of generating chaotic noise comprises the step of generating 
turbulent air flow. 

20. The method for generating a multiplicity of random numbers of claim 19» 
wherein said step of generating turbulent air flow comprises the step of operating 
a fan for generating said turbulent air flow, and said step of sampling is performed 
at a lower frequency than said fan operates. 

21. The method for generating a multiplicity of random numbers of claim 11, 
wherein said further comprising the steps of: 

selecting a first group of bytes from said random digital data stream, said 
first group of bytes having a first numerical value, respectively; 
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looking up a first maximal length LFSR feedback term from a list in 
response to said first numerical value; 



generating a cyclic redudancy code feedback term in response to filtering out 
predetermined values from a third group of bytes selected from said random 
digital data stream; and 

fomiing a secret identification number from said first maximal length LFSR 
feedback term, said cyclic redudancy code feedback term, and a fourth 
group of bytes from said random digital data stream. 

22. The method for generating a multiplicity of random numbers of claim 21, 
wherein said step of generatmg a cyclic redudancy code feedback term comprises 
the step: 

examining whether saki cyclic redundancy code feedback term comprises less 
than two "0" bits or "1" bits; and 

generating a replacement feedback term for said cyclic redundancy code 
feedback term if said cyclic redundancy code feedback term comprises less 
than two "0" bits or "T bits. 
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23. The method for generating a multiplicity of random numbers of claim 21, 
further comprising the steps of: 



selecting a second group of bytes from the random digital data stream, said 
second group of bytes having a second numerical value; and 

looking up a second maximal length LFSR feedback term from a list in 
response to said second numerical value such that said secret identification 
number is formed from said first and secoml maximal length LFSR feedback 
terma, said cyclic redundancy code feedback term, and a fourth group of 
bytes from said random digital data stream. 

24. The method for generating a multiplicity of random numbers of claim 23, 
further comprising the steps of: 

repeatu% the steps of randomly selecting a first and a second group of bytes, 
looking up a first maximal length LFSR feedback term, looking up a second 
maximal length LFSR feedback term, generating a cyclic redudancy code 
feedback term, N times to create N secret identification nimibers; 

one way encrypting each of said N secret identification niunbers; 
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computing a secure digest of each one way encrypted secret identification 
number of said N secret identification numbers; 



comparing each one way encrypted secret identification number of said N 
secret identification numbers within said digest; and 

15 

discarding each one way encrypted secret identification number of said 
multiplicity within said digest when two identical compressed one way 
encrypted secret identification number are discovered. 
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2. I I Claims Not.: 

because they reials to psrts of the IniemaiionsI Appikaiion that do not comply with the prescribed requirements to such 
an extent that no meaningful IniemaBonal Search can be carried out, speoficallr. 



3. I J Claims Nos^ 

because they are dependent claims and sre not drafted in aooordanos with the second and third sentences of Rule 6.44 a). 

Box II Obscrvntiotts where unity of lavcntioa is Inckuif (CoBtiniinMi of item 2 of first sheet) 
This Imcmauonal Searching AuthorHy found multiple invenuons in this inscmationai appBcaiion. as follows: 

see annexed sheet 
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searchable dsuns. 
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4, rn No required sddiiional search fees were timely paid by the applicant. Consequently, this International Search Report is 
rcstTKted to ihe mvenuon first mentioned in the daimr. it is covered by claims Nos.: 
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[ [ No protest aocompanied the payment of additional search fees. 



Form PCT.lSAniO (conimuauon of first sheet |1)) (July 1992) 



INTERNATIONAL SEARCH REPORT 

imernationai Application Na PCT/US 96/ 15211 

FURTHER INFORMATION CONTINUED FROM PCT/ISA/210 



1. Claims 1-6, 11-20 : Generation of random numbers from noise by 
sampling the noise, digitizing it and subsequently combining the 
digitized data into random numbers. 

2. Claims 7-10, 21-24: Generation of a secret key from random numbers 
by selecting some of the random numbers and encoding it into a se* 
cret key using LFSR and a cyclic redundancy code. 
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